
Two Trojans - Cannot Remove


  • This topic is locked
20 replies to this topic

#1 matt8188

Posted 29 May 2008 - 01:59 PM

Hello, any help with my problem would be much appreciated. Recently my AVG software identified two trojans on my computer: Downloader.Delf.12.AN (acctreso.dll) and Clicker.NDN (clbs.dll). The main consequence of these trojans is that they have rapidly slowed down my computer to the point that it's taking over 10 minutes for the computer to fully start up, it's regularly crashing and there are loads of pop-ups when I can finally load Internet Explorer. I have followed advice on other sites. I have tried different spyware removers, tried HijackThis, KillBox and a number of other applications but with no joy. I cannot delete the two system files acctreso.dll and clbs.dll. I'm at the point now where I am ready just to reformat the computer, but after googling the problem I came across this website. I would really appreciate it if anyone can help with these problems.

I have uploaded my HijackThis log.

Many thanks

Matt


#2 matt8188

Posted 30 May 2008 - 08:24 AM

Could anyone help with this problem please?

#3 steamwiz

Posted 30 May 2008 - 03:11 PM

Hi

First ... please Copy & paste all logs, only attach if asked to do so ...

You can't delete those files because they are registered DLLs and they are "in use"; they must be deleted before Windows loads ...

I want you to run some programs for me & post the logs ... if the files are still there or there are any other problems, we'll take care of them then ...

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#4 matt8188

Posted 01 June 2008 - 07:35 PM

Hello, thank you for the reply. Please find the requested Malwarebytes and ComboFix log info below. I have also attached the Kaspersky Online Scan log.

Malwarebytes' Anti-Malware 1.14
Database version: 813

01:08:41 02/06/2008
mbam-log-6-2-2008 (01-08-41).txt

Scan type: Quick Scan
Objects scanned: 42282
Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 42
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS.0\system32\acctreso.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\alot (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\alot (Adware.BHO) -> Delete on reboot.
C:\Program Files\alot\bin (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\alot (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\BrowserSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_10 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_11 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_9 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\configurator (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ErrorSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\postInstallLayout (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\products (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\TimerManager (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ToolbarSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Updater (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Shared (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Shared\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\vic\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS.0\system32\acctreso.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\Ares Gold\Data\cache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\MyMedia.edb (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\searchkeys.dat (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\ultracache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\webcache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\toolbar.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\BrowserSearch\BrowserSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ErrorSearch\ErrorSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\postInstallLayout\postInstallLayout.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\products\products.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\products\products.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_2\images\default_233_alot_music_musicsearch.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_3\images\default_234_alot_music_onlineradio.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_4\images\default_317_alot_music_mymusic.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_5\images\default_232_alot_mrkt_tv_play.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\vic\Start Menu\Programs\WhenU\Uninstall.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.


ComboFix 08-05-29.1 - Administrator 2008-06-02 1:15:18.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.0\system32\clbs.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS.0\system32\drivers\mbamcatchme.sys
2008-06-02 00:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\WINDOWS.0\system32\Kaspersky Lab
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2008-06-01 17:07 . 2008-06-01 17:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-31 21:07 . 2008-05-31 21:07 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2008-05-31 20:58 . 2008-05-31 20:58 <DIR> d-------- C:\WINDOWS.0\%DownloadedProgramFiles%
2008-05-31 20:56 . 2006-07-27 13:52 367 --a------ C:\WINDOWS.0\system32\LegitCheckControl.inf
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\system32\xircom
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\mui
2008-05-31 08:37 . 2008-05-31 08:37 <DIR> d-------- C:\WINDOWS.0\msagent
2008-05-30 20:41 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS.0\system32\dllcache\sysmain.sdb
2008-05-30 20:41 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS.0\system32\dllcache\apph_sp.sdb
2008-05-30 20:41 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS.0\system32\dllcache\apphelp.sdb
2008-05-30 20:34 . 2008-05-30 20:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-29 22:36 . 2008-05-29 22:36 <DIR> d-------- C:\WINDOWS.0\system32\LogFiles
2008-05-29 22:36 . 2008-05-30 20:25 <DIR> d-------- C:\WINDOWS.0\system32\drivers\UMDF
2008-05-29 22:35 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2008-05-29 21:51 . 2008-05-29 21:51 <DIR> d-------- C:\Program Files\Channel4
2008-05-29 21:49 . 2008-05-29 21:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Channel4
2008-05-26 19:23 . 2008-05-27 18:48 <DIR> d-------- C:\!KillBox
2008-05-26 17:36 . 2008-05-26 17:36 <DIR> d-------- C:\WINDOWS.0\F8BA8B13856D4DFBA28F7EC868142453.TMP
2008-05-25 01:32 . 2008-05-25 01:32 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\ymjmieen
2008-05-22 22:10 . 2008-05-22 22:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ymjmieen
2008-05-22 22:07 . 2008-05-22 22:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SuperAdBlocker.com
2008-05-22 22:06 . 2008-05-22 22:14 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-05-22 22:03 . 2008-05-22 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 00:09 . 2008-05-21 00:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avg7
2008-05-21 00:02 . 2008-06-02 01:20 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-05-21 00:02 . 2008-06-01 17:09 1,409 --a------ C:\WINDOWS.0\QTFont.for
2008-05-20 23:51 . 2008-05-20 23:51 <DIR> d-------- C:\Program Files\Bonjour
2008-05-20 23:03 . 2008-05-20 23:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-20 23:00 . 2008-06-01 18:47 <DIR> d----c--- C:\WINDOWS.0\system32\DRVSTORE
2008-05-20 22:54 . 2008-05-20 22:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple
2008-05-07 20:59 . 2008-05-22 22:06 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-05-07 20:58 . 2008-05-07 20:58 20,608 --a------ C:\WINDOWS.0\system32\drivers\lfhboxfp.dat
2008-05-06 20:10 . 2008-06-02 01:08 88,064 --a------ C:\WINDOWS.0\system32\acctreso.dll
2008-05-05 22:47 . 2008-05-05 22:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Ahead
2008-05-05 10:52 . 2008-05-05 10:56 1,992 --a------ C:\WINDOWS.0\desctemp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 00:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kontiki
2008-06-01 16:08 --------- d-----w C:\Program Files\iTunes
2008-06-01 16:08 --------- d-----w C:\Program Files\iPod
2008-05-30 06:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-29 21:36 --------- d-----w C:\Program Files\eMule
2008-05-29 20:51 --------- d-----w C:\Program Files\Kontiki
2008-05-26 15:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-22 22:17 --------- d-----w C:\Program Files\MyEmoticons
2008-05-20 23:09 --------- d-----w C:\Program Files\Absolute Poker
2008-05-20 22:46 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-20 22:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple Computer
2008-05-20 21:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-20 21:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-20 20:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-05-05 21:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-01 08:17 --------- d-----w C:\Program Files\UltimateBet
2008-04-20 22:27 --------- d-----w C:\Program Files\Winamp
2008-04-20 22:00 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 21:57 --------- d-----w C:\Program Files\Nero
2008-04-20 21:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nero
2008-04-20 19:24 --------- d-----w C:\Program Files\Ahead
2006-03-25 23:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\dllcache\TCPIP.SYS
2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-31_ 0.14.02.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 23:08:28 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
+ 2008-06-02 00:19:39 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
+ 2002-12-31 12:00:00 61,440 -c----w C:\WINDOWS.0\ie7\admparse.dll
+ 2002-12-31 12:00:00 99,840 -c----w C:\WINDOWS.0\ie7\advpack.dll
+ 2002-12-31 12:00:00 1,019,904 -c----w C:\WINDOWS.0\ie7\browseui.dll
+ 2002-12-31 12:00:00 35,328 -c----w C:\WINDOWS.0\ie7\corpol.dll
+ 2002-12-31 12:00:00 357,888 -c----w C:\WINDOWS.0\ie7\dxtmsft.dll
+ 2002-12-31 12:00:00 201,728 -c----w C:\WINDOWS.0\ie7\dxtrans.dll
+ 2002-12-31 12:00:00 55,808 -c----w C:\WINDOWS.0\ie7\extmgr.dll
+ 2002-12-31 12:00:00 38,912 -c----w C:\WINDOWS.0\ie7\hmmapi.dll
+ 2002-12-31 12:00:00 34,304 -c----w C:\WINDOWS.0\ie7\ie4uinit.exe
+ 2002-12-31 12:00:00 139,264 -c----w C:\WINDOWS.0\ie7\ieakeng.dll
+ 2002-12-31 12:00:00 216,576 -c----w C:\WINDOWS.0\ie7\ieaksie.dll
+ 2002-12-31 12:00:00 221,184 -c----w C:\WINDOWS.0\ie7\ieakui.dll
+ 2002-12-31 12:00:00 323,584 -c----w C:\WINDOWS.0\ie7\iedkcs32.dll
+ 2002-12-31 12:00:00 18,432 -c----w C:\WINDOWS.0\ie7\iedw.exe
+ 2002-12-31 12:00:00 81,920 -c----w C:\WINDOWS.0\ie7\ieencode.dll
+ 2002-12-31 12:00:00 250,880 -c----w C:\WINDOWS.0\ie7\iepeers.dll
+ 2002-12-31 12:00:00 48,640 -c----w C:\WINDOWS.0\ie7\iernonce.dll
+ 2002-12-31 12:00:00 62,976 -c----w C:\WINDOWS.0\ie7\iesetup.dll
+ 2002-12-31 12:00:00 93,184 -c----w C:\WINDOWS.0\ie7\iexplore.exe
+ 2002-12-31 12:00:00 35,840 -c----w C:\WINDOWS.0\ie7\imgutil.dll
+ 2002-12-31 12:00:00 96,256 -c----w C:\WINDOWS.0\ie7\inseng.dll
+ 2002-12-31 12:00:00 450,560 -c----w C:\WINDOWS.0\ie7\jscript.dll
+ 2002-12-31 12:00:00 15,872 -c----w C:\WINDOWS.0\ie7\jsproxy.dll
+ 2002-12-31 12:00:00 22,016 -c----w C:\WINDOWS.0\ie7\licmgr10.dll
+ 2002-12-31 12:00:00 29,184 -c----w C:\WINDOWS.0\ie7\mshta.exe
+ 2002-12-31 12:00:00 3,014,144 -c----w C:\WINDOWS.0\ie7\mshtml.dll
+ 2002-12-31 12:00:00 448,512 -c----w C:\WINDOWS.0\ie7\mshtmled.dll
+ 2002-12-31 12:00:00 56,832 -c----w C:\WINDOWS.0\ie7\mshtmler.dll
+ 2002-12-31 12:00:00 146,432 -c----w C:\WINDOWS.0\ie7\msls31.dll
+ 2002-12-31 12:00:00 146,432 -c----w C:\WINDOWS.0\ie7\msrating.dll
+ 2002-12-31 12:00:00 530,432 -c----w C:\WINDOWS.0\ie7\mstime.dll
+ 2002-12-31 12:00:00 96,256 -c----w C:\WINDOWS.0\ie7\occache.dll
+ 2002-12-31 12:00:00 39,424 -c----w C:\WINDOWS.0\ie7\pngfilt.dll
+ 2002-12-31 12:00:00 1,484,800 -c----w C:\WINDOWS.0\ie7\shdocvw.dll
+ 2002-12-31 12:00:00 473,600 -c----w C:\WINDOWS.0\ie7\shlwapi.dll
+ 2006-01-20 13:33:12 238,400 -c----w C:\WINDOWS.0\ie7\spuninst\iecustom.dll
+ 2006-09-06 16:43:16 213,216 -c----w C:\WINDOWS.0\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:18 371,424 -c----w C:\WINDOWS.0\ie7\spuninst\updspapi.dll
+ 2002-12-31 12:00:00 37,888 -c----w C:\WINDOWS.0\ie7\url.dll
+ 2002-12-31 12:00:00 608,256 -c----w C:\WINDOWS.0\ie7\urlmon.dll
+ 2002-12-31 12:00:00 417,792 -c----w C:\WINDOWS.0\ie7\vbscript.dll
+ 2002-12-31 12:00:00 848,896 -c----w C:\WINDOWS.0\ie7\vgx.dll
+ 2002-12-31 12:00:00 276,480 -c----w C:\WINDOWS.0\ie7\webcheck.dll
+ 2002-12-31 12:00:00 658,944 -c----w C:\WINDOWS.0\ie7\wininet.dll
+ 2008-06-01 17:48:01 4,456,448 ----a-r C:\WINDOWS.0\Installer\{20ED157B-1A84-4DF7-945E-4951A38A9CBA}\iPodResetUtility.exe
- 2008-05-20 23:02:18 102,400 ----a-r C:\WINDOWS.0\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-06-01 16:09:02 102,400 ----a-r C:\WINDOWS.0\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2002-12-31 12:00:00 61,440 ----a-w C:\WINDOWS.0\system32\admparse.dll
+ 2006-10-17 12:01:08 71,680 ----a-w C:\WINDOWS.0\system32\admparse.dll
- 2002-12-31 12:00:00 99,840 ----a-w C:\WINDOWS.0\system32\advpack.dll
+ 2006-10-17 12:00:50 123,904 ----a-w C:\WINDOWS.0\system32\advpack.dll
- 2002-12-31 12:00:00 1,019,904 ----a-w C:\WINDOWS.0\system32\browseui.dll
+ 2006-09-23 12:12:50 1,022,976 ----a-w C:\WINDOWS.0\system32\browseui.dll
+ 2006-10-17 12:01:08 71,680 -c----w C:\WINDOWS.0\system32\dllcache\admparse.dll
+ 2006-10-17 12:00:50 123,904 -c----w C:\WINDOWS.0\system32\dllcache\advpack.dll
+ 2006-09-23 12:12:50 1,022,976 -c----w C:\WINDOWS.0\system32\dllcache\browseui.dll
+ 2006-10-17 12:03:56 17,408 -c----w C:\WINDOWS.0\system32\dllcache\corpol.dll
+ 2006-10-17 12:33:40 33,792 -c----w C:\WINDOWS.0\system32\dllcache\custsat.dll
+ 2006-10-17 11:58:06 346,624 -c----w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
+ 2006-10-17 11:57:50 214,528 -c----w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
+ 2006-10-17 12:33:40 131,584 -c----w C:\WINDOWS.0\system32\dllcache\extmgr.dll
+ 2006-10-17 11:44:36 60,416 -c----w C:\WINDOWS.0\system32\dllcache\hmmapi.dll
+ 2006-10-17 12:00:56 54,784 -c----w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
+ 2006-10-17 12:01:20 152,064 -c----w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
+ 2006-10-17 12:01:34 229,376 -c----w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
+ 2006-10-17 11:23:08 161,792 -c----w C:\WINDOWS.0\system32\dllcache\ieakui.dll
+ 2006-10-17 12:01:22 382,976 -c----w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
+ 2006-10-17 12:04:50 69,120 -c----w C:\WINDOWS.0\system32\dllcache\iedw.exe
+ 2006-10-17 12:06:00 78,336 -c----w C:\WINDOWS.0\system32\dllcache\ieencode.dll
+ 2006-10-17 12:33:40 191,488 -c----w C:\WINDOWS.0\system32\dllcache\iepeers.dll
+ 2006-10-17 12:00:58 43,008 -c----w C:\WINDOWS.0\system32\dllcache\iernonce.dll
+ 2006-10-17 12:01:06 55,296 -c----w C:\WINDOWS.0\system32\dllcache\iesetup.dll
+ 2006-10-17 12:04:40 622,080 -c----w C:\WINDOWS.0\system32\dllcache\iexplore.exe
+ 2006-10-17 11:57:58 36,352 -c----w C:\WINDOWS.0\system32\dllcache\imgutil.dll
+ 2006-10-17 12:00:54 92,672 -c----w C:\WINDOWS.0\system32\dllcache\inseng.dll
+ 2006-10-17 12:00:00 491,520 -c----w C:\WINDOWS.0\system32\dllcache\jscript.dll
+ 2006-10-17 12:33:40 27,136 -c----w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
+ 2006-10-17 12:05:10 40,960 -c----w C:\WINDOWS.0\system32\dllcache\licmgr10.dll
+ 2006-10-17 11:56:10 45,568 -c----w C:\WINDOWS.0\system32\dllcache\mshta.exe
+ 2006-10-17 12:33:42 3,577,856 -c----w C:\WINDOWS.0\system32\dllcache\mshtml.dll
+ 2006-10-17 12:33:40 475,648 -c----w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
+ 2006-10-17 11:28:56 48,128 -c----w C:\WINDOWS.0\system32\dllcache\mshtmler.dll
+ 2006-10-17 12:33:40 156,160 -c----w C:\WINDOWS.0\system32\dllcache\msls31.dll
+ 2006-10-17 12:05:10 192,000 -c----w C:\WINDOWS.0\system32\dllcache\msrating.dll
+ 2006-10-17 12:33:40 670,720 -c----w C:\WINDOWS.0\system32\dllcache\mstime.dll
+ 2006-10-17 12:04:46 101,376 -c----w C:\WINDOWS.0\system32\dllcache\occache.dll
+ 2006-10-17 11:58:08 44,544 -c----w C:\WINDOWS.0\system32\dllcache\pngfilt.dll
+ 2006-09-23 12:12:50 1,497,088 -c----w C:\WINDOWS.0\system32\dllcache\shdocvw.dll
+ 2006-09-23 12:12:50 474,112 -c----w C:\WINDOWS.0\system32\dllcache\shlwapi.dll
+ 2006-10-17 12:05:22 105,984 -c----w C:\WINDOWS.0\system32\dllcache\url.dll
+ 2006-10-17 12:33:40 1,162,240 -c----w C:\WINDOWS.0\system32\dllcache\urlmon.dll
+ 2006-10-17 12:33:40 413,696 -c----w C:\WINDOWS.0\system32\dllcache\vbscript.dll
+ 2006-10-17 12:33:40 765,952 -c----w C:\WINDOWS.0\system32\dllcache\VGX.dll
+ 2006-10-17 12:33:40 231,424 -c----w C:\WINDOWS.0\system32\dllcache\webcheck.dll
+ 2006-10-17 12:33:40 818,688 -c----w C:\WINDOWS.0\system32\dllcache\wininet.dll
+ 2008-04-23 19:28:18 68,216 -c--a-w C:\WINDOWS.0\system32\DRVSTORE\StMp3Rec_5C7ED6AF794D3543E9BAAF5776DB8EFD2139DA58\StMp3Rec.sys
+ 2008-02-18 10:16:24 30,464 -c--a-w C:\WINDOWS.0\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2002-12-31 12:00:00 357,888 ----a-w C:\WINDOWS.0\system32\dxtmsft.dll
+ 2006-10-17 11:58:06 346,624 ----a-w C:\WINDOWS.0\system32\dxtmsft.dll
- 2002-12-31 12:00:00 201,728 ----a-w C:\WINDOWS.0\system32\dxtrans.dll
+ 2006-10-17 11:57:50 214,528 ----a-w C:\WINDOWS.0\system32\dxtrans.dll
- 2002-12-31 12:00:00 55,808 ----a-w C:\WINDOWS.0\system32\extmgr.dll
+ 2006-10-17 12:33:40 131,584 ----a-w C:\WINDOWS.0\system32\extmgr.dll
+ 2006-10-17 11:58:20 61,952 ------w C:\WINDOWS.0\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS.0\system32\idndl.dll
- 2002-12-31 12:00:00 34,304 ----a-w C:\WINDOWS.0\system32\ie4uinit.exe
+ 2006-10-17 12:00:56 54,784 ----a-w C:\WINDOWS.0\system32\ie4uinit.exe
- 2002-12-31 12:00:00 139,264 ----a-w C:\WINDOWS.0\system32\ieakeng.dll
+ 2006-10-17 12:01:20 152,064 ----a-w C:\WINDOWS.0\system32\ieakeng.dll
- 2002-12-31 12:00:00 216,576 ----a-w C:\WINDOWS.0\system32\ieaksie.dll
+ 2006-10-17 12:01:34 229,376 ----a-w C:\WINDOWS.0\system32\ieaksie.dll
- 2002-12-31 12:00:00 221,184 ----a-w C:\WINDOWS.0\system32\ieakui.dll
+ 2006-10-17 11:23:08 161,792 ----a-w C:\WINDOWS.0\system32\ieakui.dll
+ 2006-09-05 23:01:26 2,451,824 ------w C:\WINDOWS.0\system32\ieapfltr.dat
+ 2006-10-17 11:27:56 380,928 ------w C:\WINDOWS.0\system32\ieapfltr.dll
- 2002-12-31 12:00:00 323,584 ----a-w C:\WINDOWS.0\system32\iedkcs32.dll
+ 2006-10-17 12:01:22 382,976 ----a-w C:\WINDOWS.0\system32\iedkcs32.dll
- 2002-12-31 12:00:00 81,920 ----a-w C:\WINDOWS.0\system32\ieencode.dll
+ 2006-10-17 12:06:00 78,336 ----a-w C:\WINDOWS.0\system32\ieencode.dll
+ 2006-10-17 12:33:42 6,049,280 ------w C:\WINDOWS.0\system32\ieframe.dll
- 2002-12-31 12:00:00 250,880 ----a-w C:\WINDOWS.0\system32\iepeers.dll
+ 2006-10-17 12:33:40 191,488 ----a-w C:\WINDOWS.0\system32\iepeers.dll
- 2002-12-31 12:00:00 48,640 ----a-w C:\WINDOWS.0\system32\iernonce.dll
+ 2006-10-17 12:00:58 43,008 ----a-w C:\WINDOWS.0\system32\iernonce.dll
+ 2006-10-17 11:57:20 266,752 ------w C:\WINDOWS.0\system32\iertutil.dll
- 2002-12-31 12:00:00 62,976 ----a-w C:\WINDOWS.0\system32\iesetup.dll
+ 2006-10-17 12:01:06 55,296 ----a-w C:\WINDOWS.0\system32\iesetup.dll
+ 2006-10-17 12:01:00 13,312 ----a-w C:\WINDOWS.0\system32\ieudinit.exe
+ 2006-10-17 12:33:40 180,736 ------w C:\WINDOWS.0\system32\ieui.dll
- 2002-12-31 12:00:00 35,840 ----a-w C:\WINDOWS.0\system32\imgutil.dll
+ 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS.0\system32\imgutil.dll
- 2002-12-31 12:00:00 96,256 ----a-w C:\WINDOWS.0\system32\inseng.dll
+ 2006-10-17 12:00:54 92,672 ----a-w C:\WINDOWS.0\system32\inseng.dll
- 2002-12-31 12:00:00 450,560 ----a-w C:\WINDOWS.0\system32\jscript.dll
+ 2006-10-17 12:00:00 491,520 ----a-w C:\WINDOWS.0\system32\jscript.dll
- 2002-12-31 12:00:00 15,872 ----a-w C:\WINDOWS.0\system32\jsproxy.dll
+ 2006-10-17 12:33:40 27,136 ----a-w C:\WINDOWS.0\system32\jsproxy.dll
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS.0\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS.0\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS.0\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-20 17:06:36 1,480,232 ----a-w C:\WINDOWS.0\system32\LegitCheckControl.DLL
+ 2006-09-12 06:08:02 1,484,592 ----a-w C:\WINDOWS.0\system32\LegitCheckControl.dll
- 2002-12-31 12:00:00 22,016 ----a-w C:\WINDOWS.0\system32\licmgr10.dll
+ 2006-10-17 12:05:10 40,960 ----a-w C:\WINDOWS.0\system32\licmgr10.dll
+ 2006-10-17 12:33:40 458,752 ------w C:\WINDOWS.0\system32\msfeeds.dll
+ 2006-10-17 12:33:40 50,688 ------w C:\WINDOWS.0\system32\msfeedsbs.dll
+ 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS.0\system32\msfeedssync.exe
- 2002-12-31 12:00:00 29,184 ----a-w C:\WINDOWS.0\system32\mshta.exe
+ 2006-10-17 11:56:10 45,568 ----a-w C:\WINDOWS.0\system32\mshta.exe
- 2002-12-31 12:00:00 3,014,144 ----a-w C:\WINDOWS.0\system32\mshtml.dll
+ 2006-10-17 12:33:42 3,577,856 ----a-w C:\WINDOWS.0\system32\mshtml.dll
- 2002-12-31 12:00:00 448,512 ----a-w C:\WINDOWS.0\system32\mshtmled.dll
+ 2006-10-17 12:33:40 475,648 ----a-w C:\WINDOWS.0\system32\mshtmled.dll
- 2002-12-31 12:00:00 56,832 ----a-w C:\WINDOWS.0\system32\mshtmler.dll
+ 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS.0\system32\mshtmler.dll
- 2002-12-31 12:00:00 146,432 ----a-w C:\WINDOWS.0\system32\msls31.dll
+ 2006-10-17 12:33:40 156,160 ----a-w C:\WINDOWS.0\system32\msls31.dll
- 2002-12-31 12:00:00 146,432 ----a-w C:\WINDOWS.0\system32\msrating.dll
+ 2006-10-17 12:05:10 192,000 ----a-w C:\WINDOWS.0\system32\msrating.dll
- 2002-12-31 12:00:00 530,432 ----a-w C:\WINDOWS.0\system32\mstime.dll
+ 2006-10-17 12:33:40 670,720 ----a-w C:\WINDOWS.0\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS.0\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS.0\system32\normaliz.dll
- 2002-12-31 12:00:00 96,256 ----a-w C:\WINDOWS.0\system32\occache.dll
+ 2006-10-17 12:04:46 101,376 ----a-w C:\WINDOWS.0\system32\occache.dll
- 2008-05-30 21:36:41 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
+ 2008-06-02 00:16:12 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
- 2008-05-30 21:36:41 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-06-02 00:16:12 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
- 2002-12-31 12:00:00 39,424 ----a-w C:\WINDOWS.0\system32\pngfilt.dll
+ 2006-10-17 11:58:08 44,544 ----a-w C:\WINDOWS.0\system32\pngfilt.dll
- 2002-12-31 12:00:00 1,484,800 ----a-w C:\WINDOWS.0\system32\shdocvw.dll
+ 2006-09-23 12:12:50 1,497,088 ----a-w C:\WINDOWS.0\system32\shdocvw.dll
- 2002-12-31 12:00:00 473,600 ----a-w C:\WINDOWS.0\system32\shlwapi.dll
+ 2006-09-23 12:12:50 474,112 ----a-w C:\WINDOWS.0\system32\shlwapi.dll
- 2002-12-31 12:00:00 37,888 ----a-w C:\WINDOWS.0\system32\url.dll
+ 2006-10-17 12:05:22 105,984 ----a-w C:\WINDOWS.0\system32\url.dll
- 2002-12-31 12:00:00 608,256 ----a-w C:\WINDOWS.0\system32\urlmon.dll
+ 2006-10-17 12:33:40 1,162,240 ----a-w C:\WINDOWS.0\system32\urlmon.dll
- 2002-12-31 12:00:00 417,792 ----a-w C:\WINDOWS.0\system32\vbscript.dll
+ 2006-10-17 12:33:40 413,696 ----a-w C:\WINDOWS.0\system32\vbscript.dll
- 2002-12-31 12:00:00 276,480 ----a-w C:\WINDOWS.0\system32\webcheck.dll
+ 2006-10-17 12:33:40 231,424 ----a-w C:\WINDOWS.0\system32\webcheck.dll
+ 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS.0\system32\WinFXDocObj.exe
- 2002-12-31 12:00:00 658,944 ----a-w C:\WINDOWS.0\system32\wininet.dll
+ 2006-10-17 12:33:40 818,688 ----a-w C:\WINDOWS.0\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS.0\system32\xmllite.dll
+ 2008-06-02 00:19:49 16,384 ----atw C:\WINDOWS.0\Temp\Perflib_Perfdata_6b8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B80E9EF-66A0-40C7-856E-916C0CDA78A7}]
2002-12-31 13:00 81920 --a------ c:\windows.0\system32\clbs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A98E2672-774B-4802-86EF-3E6D47CB989A}]
2008-06-02 01:08 88064 --a------ C:\WINDOWS.0\system32\acctreso.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 23:10 667648]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"combofix"="C:\WINDOWS.0\system32\CF13735.exe" [2002-12-31 13:00 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-07-17 12:07 33792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rvqvufoh]
clbs.dll 2002-12-31 13:00 81920 C:\WINDOWS.0\system32\clbs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS.0\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS.0\system32\imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS.0\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS.0\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2003-03-20 22:21 1855488 C:\WINDOWS.0\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-14 18:53 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS.0\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-12-31 13:00 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2007-06-11 08:06 901120 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
--a------ 2007-08-01 09:28 1564672 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-09-30 03:18 24576 C:\Program Files\Winamp\Winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
E:\installs\workflow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Documents and Settings\\Administrator\\My Documents\\BlueSoleil.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS.0\\explorer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34320:TCP"= 34320:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"44062:TCP"= 44062:TCP:@xpsp2res.dll,-22009
"6860:TCP"= 6860:TCP:@xpsp2res.dll,-22009
"5923:TCP"= 5923:TCP:@xpsp2res.dll,-22009
"28078:TCP"= 28078:TCP:@xpsp2res.dll,-22009
"45873:TCP"= 45873:TCP:@xpsp2res.dll,-22009
"421:TCP"= 421:TCP:@xpsp2res.dll,-22009
"10415:TCP"= 10415:TCP:@xpsp2res.dll,-22009
"32539:TCP"= 32539:TCP:@xpsp2res.dll,-22009
"40013:TCP"= 40013:TCP:@xpsp2res.dll,-22009
"27804:TCP"= 27804:TCP:@xpsp2res.dll,-22009
"29052:TCP"= 29052:TCP:@xpsp2res.dll,-22009
"39424:TCP"= 39424:TCP:@xpsp2res.dll,-22009

R0 geiawbxn;geiawbxn;C:\WINDOWS.0\system32\drivers\geiawbxn.sys [2002-12-31 13:00]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R3 cmipci;CMI8738/8768 Audio Driver;C:\WINDOWS.0\system32\drivers\cmipci.sys [2007-10-02 03:10]
S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS.0\system32\UnlockerDriver4.sys [2005-04-24 13:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pneniaee

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 22:04:43 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 01:20:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS.0\system32\oodag.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-02 1:25:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 00:25:24
ComboFix2.txt 2008-05-30 23:14:27

Pre-Run: 27,396,403,200 bytes free
Post-Run: 27,398,549,504 bytes free

423

Attached Files

  • Attached File  KAV.txt   115.25KB   17 downloads


#5 matt8188

Posted 02 June 2008 - 11:59 AM

Here's my most recent hijackthis log as well;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:47, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS.0\system32\oodag.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B80E9EF-66A0-40C7-856E-916C0CDA78A7} - c:\windows.0\system32\clbs.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {A98E2672-774B-4802-86EF-3E6D47CB989A} - C:\WINDOWS.0\system32\acctreso.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D680E59C-EECE-4E47-8674-7D4D58BB5DE5}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: rvqvufoh - C:\WINDOWS.0\SYSTEM32\clbs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.0\system32\oodag.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

--
End of file - 5791 bytes

#6 steamwiz

Posted 02 June 2008 - 04:48 PM

Hi

Do you have 2 installs of windows on the same C: partition ?

Please go here and upload this file ...

C:\WINDOWS.0\system32\CF13735.exe

http://www.virustotal.com/flash/index_en.html

Click the browse button & browse to the file on your computer

Post back the results ... right click on the page > select all

right click again copy

post the results in your next post here...

THEN do the same with this one :-

C:\WINDOWS.0\system32\drivers\geiawbxn.sys

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#7 matt8188

Posted 03 June 2008 - 04:32 PM

Thank you for your reply Steam. Yes it's my girlfriend's computer, I believe she installed a newer version of XP on the computer. There was a dual boot option but I removed this as we only use one version of XP. However there still are a number of files on the computer belonging to the original version.

I have searched but cannot find the file C:\WINDOWS.0\system32\CF13735.exe. It doesn't seem to be on the system anymore. I have uploaded the file C:\WINDOWS.0\system32\drivers\geiawbxn.sys. Here are the log results. Many thanks.

File geiawbxn.sys received on 06.03.2008 23:22:05 (CET)

Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.03 -
AntiVir 7.8.0.26 2008.06.03 -
Authentium 5.1.0.4 2008.06.03 -
Avast 4.8.1195.0 2008.06.03 -
AVG 7.5.0.516 2008.06.03 -
BitDefender 7.2 2008.06.03 -
CAT-QuickHeal 9.50 2008.06.03 -
ClamAV 0.92.1 2008.06.03 -
DrWeb 4.44.0.09170 2008.06.03 -
eSafe 7.0.15.0 2008.06.03 -
eTrust-Vet 31.4.5845 2008.06.03 -
Ewido 4.0 2008.06.03 -
F-Prot 4.4.4.56 2008.06.02 -
F-Secure 6.70.13260.0 2008.06.03 -
Fortinet 3.14.0.0 2008.06.03 -
GData 2.0.7306.1023 2008.06.03 -
Ikarus T3.1.1.26.0 2008.06.03 -
Kaspersky 7.0.0.125 2008.06.03 -
McAfee 5309 2008.06.03 -
Microsoft 1.3604 2008.06.03 -
NOD32v2 3156 2008.06.03 -
Norman 5.80.02 2008.06.03 -
Panda 9.0.0.4 2008.06.03 -
Prevx1 V2 2008.06.03 -
Rising 20.47.12.00 2008.06.03 -
Sophos 4.29.0 2008.06.03 -
Sunbelt 3.0.1143.1 2008.06.03 -
Symantec 10 2008.06.03 -
TheHacker 6.2.92.333 2008.06.03 -
VBA32 3.12.6.7 2008.06.03 -
VirusBuster 4.3.26:9 2008.06.03 -
Webwasher-Gateway 6.6.2 2008.06.03 BlockReason.0
Additional information
File size: 22016 bytes
MD5...: 85f42cd01dabda2aabb2bb918f489ba6
SHA1..: 263c0272bba48a1745a819e3f25b7823fb557f1f
SHA256: 6fa2cdf52935d805f317f7c7f8a577426b9b2318de4061f1d6f90b26a0b17961
SHA512: c82f265346d722632ecd14e24d630c3dc414338bd29ddd932a7e417d523fe52a
4c07ba2f132991eb8a6ef732370953f0d284c1c322a257a6f7acd7af1850e6fe
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14000
timedatestamp.....: 0x3b7d840a (Fri Aug 17 20:52:26 2001)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0xb87 0xc00 6.81 744c1d4043ed972652223089ed7ec56e
.rdata 0xf00 0xa0 0x100 2.69 ba72c8bd86767e4d0cb57337265f18a8
PAGECDNC 0x1000 0x153a 0x1580 6.42 7d0d84f5cdac7334b8be4d257b38664b
PAGECDOT 0x2580 0x1a01 0x1a80 6.41 1f3242a3a13a8e6fd232ba8fdf7ac251
INIT 0x4000 0x2b2 0x300 5.01 81ee96a8feddf761737efd8717fe6a62
.ddqn 0x4300 0xd00 0xd00 6.85 1bab2c97f1b6391e7c6bbc45366ad433
.rsrc 0x5000 0x3f0 0x400 3.33 389ca3c0de76854c5ed07faeee8cfd44
.reloc 0x5400 0x1dc 0x200 5.55 3eff2beb322e9d0cb2175ee58a54f0df

( 1 imports )
> ntoskrnl.exe: KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, KeSetEvent, RtlCompareMemory, ExFreePoolWithTag, ExAllocatePoolWithTag, IofCompleteRequest, IoSetHardErrorOrVerifyDevice, KeDelayExecutionThread, PoCallDriver, PoStartNextPowerIrp, IoDeleteDevice, IoAttachDeviceToDeviceStack, IoCreateDevice, MmLockPagableDataSection, ZwClose, RtlQueryRegistryValues, IoOpenDeviceRegistryKey, RtlWriteRegistryValue

( 0 exports )

Edited by matt8188, 03 June 2008 - 04:34 PM.


#8 steamwiz

Posted 03 June 2008 - 05:33 PM

HI

You are running an out-of-date version of java

Go to add/remove programs and uninstall any earlier versions ... in your case :-

jre1.5.0_04

Then You can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 6' and press the 'Download' button.


Running an out-of-date version of java is an infection risk.

Then...

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS.0\system32\clbs.dll.bak
C:\WINDOWS.0\system32\acctreso.dll
c:\windows.0\system32\clbs.dll
C:\WINDOWS.0\system32\drivers\geiawbxn.sys

Driver::
geiawbxn

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B80E9EF-66A0-40C7-856E-916C0CDA78A7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A98E2672-774B-4802-86EF-3E6D47CB989A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rvqvufoh]


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
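
The entries targeted by the script in the post above can be picked out of a HijackThis log mechanically. The following is an added example, not part of any post in this thread and not code from HijackThis or ComboFix: it parses O2 (BHO) and O20 (Winlogon Notify) lines, flags DLLs for review, and checks a later log for leftovers. The two log excerpts are copied from logs posted in this thread; the three flagging rules are assumptions chosen for illustration, and a flagged file still needs a helper's review.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted on 02 June 2008 in this thread.
BEFORE = r"""
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {4B80E9EF-66A0-40C7-856E-916C0CDA78A7} - c:\windows.0\system32\clbs.dll
O2 - BHO: (no name) - {A98E2672-774B-4802-86EF-3E6D47CB989A} - C:\WINDOWS.0\system32\acctreso.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O20 - Winlogon Notify: rvqvufoh - C:\WINDOWS.0\SYSTEM32\clbs.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Excerpt of the follow-up HijackThis log posted on 04 June 2008 in this thread.
AFTER = r"""
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
"""

# Line shapes as they appear in the logs above:
#   O2 - BHO: <name> - {CLSID} - <dll path>
#   O20 - Winlogon Notify: <key name> - <dll path>
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def parse(log_text):
    """Return (section, name, normalised path) for every O2 and O20 line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(("O2", m["name"], norm(m["path"])))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(("O20", m["name"], norm(m["path"])))
    return entries


def triage(log_text):
    """Map each DLL worth a closer look to the reasons it was flagged.

    Rules (assumptions for this example, not HijackThis behaviour):
      1. a BHO registered as "(no name)"
      2. any Winlogon Notify entry listed in the log
      3. one DLL reachable from more than one autostart section
    """
    reasons = defaultdict(list)
    sections = defaultdict(set)
    for section, name, path in parse(log_text):
        sections[path].add(section)
        if section == "O2" and name == "(no name)":
            reasons[path].append("BHO registered without a name")
        if section == "O20":
            reasons[path].append(f"Winlogon Notify entry '{name}'")
    for path, seen in sections.items():
        if len(seen) > 1:
            reasons[path].append("same DLL loaded from more than one autostart point")
    return dict(reasons)


def still_present(flagged, later_log_text):
    """Return the flagged paths that still occur anywhere in a later log."""
    later = later_log_text.lower()
    return sorted(p for p in flagged if p in later)


if __name__ == "__main__":
    flagged = triage(BEFORE)
    for path, why in flagged.items():
        print(path)
        for reason in why:
            print("   -", reason)
    print("left over after cleanup:", still_present(flagged, AFTER))
```

A clean follow-up log only shows that the load points are gone; it says nothing about files that are no longer referenced from any autostart entry.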

#9 matt8188

Posted 04 June 2008 - 02:02 PM

Thanks Steam, I think they've gone now. Is there anything else I need to do?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:51, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS.0\system32\oodag.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D680E59C-EECE-4E47-8674-7D4D58BB5DE5}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.0\system32\oodag.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

--
End of file - 6005 bytes

#10 steamwiz

Posted 04 June 2008 - 06:04 PM

Hi

Yes it's looking good :thumbsup:

But you still have quite a few malware files to remove ...

First could you post the Combofix.txt from your last run of Combofix please ...

Please post this report before running Combofix again, so as not to get the reports mixed up ...

Then ... the files & folders below all contain adware, with your permission we should delete them.

C:\Program Files\Need2Find
C:\Program Files\ARES

C:\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe
C:\Documents and Settings\vic\Desktop\New Folder\Ares.exe
C:\Documents and Settings\vic\Desktop\PAUL\Ares.exe
C:\WINDOWS.0\system32\cmdow.exe

If you agree please do this :-

Open Notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to highlight and copy only what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)

File::
C:\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe
C:\Documents and Settings\vic\Desktop\New Folder\Ares.exe
C:\Documents and Settings\vic\Desktop\PAUL\Ares.exe
C:\WINDOWS.0\system32\cmdow.exe

Folder::
C:\!KillBox
C:\Program Files\Need2Find
C:\Program Files\ARES


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
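
A check for the procedure in the post above, as an added example that is not part of the original thread or of ComboFix itself: it applies the post's layout rule to a CFScript.txt (File:: flush on the first line) and then confirms each requested path against the "Other Deletions" section of a ComboFix.txt. The function names are hypothetical, and the log excerpt is constructed in the format of the logs posted in this thread.

```python
import re

# A directive line such as "File::" or "Folder::", flush against the left margin.
DIRECTIVE = re.compile(r"^(\w+)::$")
# A ComboFix.txt section banner such as "((((( Other Deletions )))))".
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {directive: [paths]} or raise ValueError if the layout rule from the post is broken."""
    lines = text.splitlines()
    # Rule from the post: "File::" on the first line, no blank line above, no space in front.
    if not lines or lines[0].rstrip() != "File::":
        raise ValueError("first line must be exactly 'File::' with nothing before it")
    sections, current = {}, None
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        else:
            sections[current].append(line.strip())
    return sections


def deleted_paths(log_text):
    """Collect the lower-cased paths listed under the 'Other Deletions' banner of a ComboFix log."""
    found, inside = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            inside = banner.group(1).lower() == "other deletions"
            continue
        if inside and line and line != ".":
            found.add(line.lower())
    return found


def check_removal(script_text, log_text):
    """Map each File::/Folder:: path to True when the log lists it as deleted.

    False means "not confirmed by this log", which is a reason to look again,
    not proof that the item is still on disk.
    """
    sections = parse_cfscript(script_text)
    gone = deleted_paths(log_text)
    report = {}
    for kind in ("file", "folder"):
        for path in sections.get(kind, []):
            # Windows paths are case-insensitive and the logs mix cases.
            report[path] = path.lower() in gone
    return report


# The script text from the post above.
SAMPLE_SCRIPT = r"""File::
C:\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe
C:\Documents and Settings\vic\Desktop\New Folder\Ares.exe
C:\Documents and Settings\vic\Desktop\PAUL\Ares.exe
C:\WINDOWS.0\system32\cmdow.exe

Folder::
C:\!KillBox
C:\Program Files\Need2Find
C:\Program Files\ARES
"""

# Constructed log excerpt: one path is lower-cased and cmdow.exe is left out on purpose.
SAMPLE_LOG = r"""
((((((((((((((((((( Other Deletions )))))))))))))))))))
.

C:\!KillBox
c:\documents and settings\administrator\desktop\all\p2p\bsinstall.exe
C:\Documents and Settings\vic\Desktop\New Folder\Ares.exe
C:\Documents and Settings\vic\Desktop\PAUL\Ares.exe
C:\Program Files\ARES
C:\Program Files\Need2Find

.
((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))
.
2008-06-04 08:06 . 2008-06-04 08:06 <DIR> d-------- C:\Program Files\Sun
"""

if __name__ == "__main__":
    for path, confirmed in check_removal(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print("deleted      " if confirmed else "NOT CONFIRMED", path)
```
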

#11 matt8188

Posted 05 June 2008 - 05:39 PM

Thanks Steam, I think they've gone now as well. Do you recommend anything else? Could I ask what anti-virus and firewall you would advise using?

Here is the original ComboFix log:

ComboFix 08-05-29.1 - Administrator 2008-06-04 8:14:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS.0\system32\acctreso.dll
c:\windows.0\system32\clbs.dll
C:\WINDOWS.0\system32\clbs.dll.bak
C:\WINDOWS.0\system32\drivers\geiawbxn.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.0\system32\acctreso.dll
C:\WINDOWS.0\system32\clbs.dll
C:\WINDOWS.0\system32\clbs.dll.bak
C:\WINDOWS.0\system32\drivers\geiawbxn.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GEIAWBXN
-------\Service_geiawbxn


((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 08:06 . 2008-06-04 08:06 <DIR> d-------- C:\Program Files\Sun
2008-06-04 08:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS.0\system32\javacpl.cpl
2008-06-04 07:54 . 2008-06-04 07:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 20:58 . 2008-06-02 20:58 <DIR> d-------- C:\Program Files\Comodo
2008-06-02 20:58 . 2008-06-02 20:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\BOC426
2008-06-02 20:58 . 2008-03-28 09:17 212,728 --a------ C:\WINDOWS.0\CMDLIC.DLL
2008-06-02 20:58 . 2008-03-28 09:16 205,560 --a------ C:\WINDOWS.0\UNBOC.EXE
2008-06-02 20:58 . 2002-12-31 13:00 22,528 --a------ C:\WINDOWS.0\system32\wsock32.dlb
2008-06-02 20:58 . 2008-06-04 08:18 7,649 --a------ C:\WINDOWS.0\BOC426.INI
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS.0\system32\drivers\mbamcatchme.sys
2008-06-02 00:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\WINDOWS.0\system32\Kaspersky Lab
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2008-06-01 17:07 . 2008-06-01 17:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-31 21:07 . 2008-05-31 21:07 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2008-05-31 20:58 . 2008-05-31 20:58 <DIR> d-------- C:\WINDOWS.0\%DownloadedProgramFiles%
2008-05-31 20:56 . 2006-07-27 13:52 367 --a------ C:\WINDOWS.0\system32\LegitCheckControl.inf
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\system32\xircom
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\mui
2008-05-31 08:37 . 2008-05-31 08:37 <DIR> d-------- C:\WINDOWS.0\msagent
2008-05-30 20:41 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS.0\system32\dllcache\sysmain.sdb
2008-05-30 20:41 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS.0\system32\dllcache\apph_sp.sdb
2008-05-30 20:41 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS.0\system32\dllcache\apphelp.sdb
2008-05-30 20:34 . 2008-05-30 20:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-29 22:36 . 2008-05-29 22:36 <DIR> d-------- C:\WINDOWS.0\system32\LogFiles
2008-05-29 22:36 . 2008-05-30 20:25 <DIR> d-------- C:\WINDOWS.0\system32\drivers\UMDF
2008-05-29 22:35 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2008-05-29 21:51 . 2008-05-29 21:51 <DIR> d-------- C:\Program Files\Channel4
2008-05-29 21:49 . 2008-05-29 21:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Channel4
2008-05-26 19:23 . 2008-05-27 18:48 <DIR> d-------- C:\!KillBox
2008-05-26 17:36 . 2008-05-26 17:36 <DIR> d-------- C:\WINDOWS.0\F8BA8B13856D4DFBA28F7EC868142453.TMP
2008-05-25 01:32 . 2008-05-25 01:32 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\ymjmieen
2008-05-22 22:10 . 2008-05-22 22:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ymjmieen
2008-05-22 22:07 . 2008-05-22 22:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SuperAdBlocker.com
2008-05-22 22:06 . 2008-05-22 22:14 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-05-22 22:03 . 2008-05-22 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 00:09 . 2008-05-21 00:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avg7
2008-05-21 00:02 . 2008-06-04 08:18 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-05-21 00:02 . 2008-06-01 17:09 1,409 --a------ C:\WINDOWS.0\QTFont.for
2008-05-20 23:51 . 2008-05-20 23:51 <DIR> d-------- C:\Program Files\Bonjour
2008-05-20 23:03 . 2008-05-20 23:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-20 23:00 . 2008-06-01 18:47 <DIR> d----c--- C:\WINDOWS.0\system32\DRVSTORE
2008-05-20 22:54 . 2008-05-20 22:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple
2008-05-07 20:59 . 2008-05-22 22:06 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-05-07 20:58 . 2008-05-07 20:58 20,608 --a------ C:\WINDOWS.0\system32\drivers\lfhboxfp.dat
2008-05-05 22:47 . 2008-05-05 22:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Ahead
2008-05-05 10:52 . 2008-05-05 10:56 1,992 --a------ C:\WINDOWS.0\desctemp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 07:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kontiki
2008-06-04 07:06 --------- d-----w C:\Program Files\Java
2008-06-01 16:08 --------- d-----w C:\Program Files\iTunes
2008-06-01 16:08 --------- d-----w C:\Program Files\iPod
2008-05-30 06:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-29 21:36 --------- d-----w C:\Program Files\eMule
2008-05-29 20:51 --------- d-----w C:\Program Files\Kontiki
2008-05-26 15:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-22 22:17 --------- d-----w C:\Program Files\MyEmoticons
2008-05-20 23:09 --------- d-----w C:\Program Files\Absolute Poker
2008-05-20 22:46 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-20 22:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple Computer
2008-05-20 21:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-20 21:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-20 20:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-05-05 21:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-01 08:17 --------- d-----w C:\Program Files\UltimateBet
2008-04-20 22:27 --------- d-----w C:\Program Files\Winamp
2008-04-20 22:00 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 21:57 --------- d-----w C:\Program Files\Nero
2008-04-20 21:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nero
2008-04-20 19:24 --------- d-----w C:\Program Files\Ahead
2006-03-25 23:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\dllcache\TCPIP.SYS
2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot_2008-06-02_ 1.25.03.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 00:19:39 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
+ 2008-06-04 07:18:21 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
- 2005-06-03 09:24:06 49,248 ----a-w C:\WINDOWS.0\system32\java.exe
+ 2008-03-25 00:28:39 135,168 ----a-w C:\WINDOWS.0\system32\java.exe
- 2005-06-03 09:24:14 49,250 ----a-w C:\WINDOWS.0\system32\javaw.exe
+ 2008-03-25 00:28:43 135,168 ----a-w C:\WINDOWS.0\system32\javaw.exe
- 2005-06-03 10:52:56 127,078 ----a-w C:\WINDOWS.0\system32\javaws.exe
+ 2008-03-25 01:37:01 139,264 ----a-w C:\WINDOWS.0\system32\javaws.exe
- 2008-06-02 00:16:12 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
+ 2008-06-04 06:43:33 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
- 2008-06-02 00:16:12 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-06-04 06:43:33 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-06-04 07:18:27 16,384 ----atw C:\WINDOWS.0\Temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 23:10 667648]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08 351480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-07-17 12:07 33792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS.0\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS.0\system32\imc32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS.0\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS.0\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2003-03-20 22:21 1855488 C:\WINDOWS.0\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-14 18:53 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS.0\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-12-31 13:00 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2007-06-11 08:06 901120 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
--a------ 2007-08-01 09:28 1564672 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-09-30 03:18 24576 C:\Program Files\Winamp\Winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
E:\installs\workflow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Documents and Settings\\Administrator\\My Documents\\BlueSoleil.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS.0\\explorer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34320:TCP"= 34320:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"44062:TCP"= 44062:TCP:@xpsp2res.dll,-22009
"6860:TCP"= 6860:TCP:@xpsp2res.dll,-22009
"5923:TCP"= 5923:TCP:@xpsp2res.dll,-22009
"28078:TCP"= 28078:TCP:@xpsp2res.dll,-22009
"45873:TCP"= 45873:TCP:@xpsp2res.dll,-22009
"421:TCP"= 421:TCP:@xpsp2res.dll,-22009
"10415:TCP"= 10415:TCP:@xpsp2res.dll,-22009
"32539:TCP"= 32539:TCP:@xpsp2res.dll,-22009
"40013:TCP"= 40013:TCP:@xpsp2res.dll,-22009
"27804:TCP"= 27804:TCP:@xpsp2res.dll,-22009
"29052:TCP"= 29052:TCP:@xpsp2res.dll,-22009
"39424:TCP"= 39424:TCP:@xpsp2res.dll,-22009

R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R3 cmipci;CMI8738/8768 Audio Driver;C:\WINDOWS.0\system32\drivers\cmipci.sys [2007-10-02 03:10]
S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS.0\system32\UnlockerDriver4.sys [2005-04-24 13:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pneniaee

*Newly Created Service* - GEIAWBXN
.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 22:04:43 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 08:18:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
C:\Program Files\Comodo\CBOClean\BOCore.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS.0\system32\oodag.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-04 8:24:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 07:24:21
ComboFix2.txt 2008-06-02 00:25:29
ComboFix3.txt 2008-05-30 23:14:27

Pre-Run: 26,915,893,248 bytes free
Post-Run: 26,902,618,112 bytes free

263

Here is the new ComboFix log:

ComboFix 08-05-29.1 - Administrator 2008-06-05 23:21:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.171 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe
C:\Documents and Settings\vic\Desktop\New Folder\Ares.exe
C:\Documents and Settings\vic\Desktop\PAUL\Ares.exe
C:\WINDOWS.0\system32\cmdow.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
C:\!KillBox\acctreso.dll
C:\!KillBox\acctreso.dll( 1)
C:\!KillBox\acctreso.dll( 2)
C:\!KillBox\acctreso.dll( 3)
C:\!KillBox\index.dat
C:\!KillBox\index.dat( 1)
C:\!KillBox\Logs\kb.log
C:\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe
C:\Documents and Settings\vic\Desktop\New Folder\Ares.exe
C:\Documents and Settings\vic\Desktop\PAUL\Ares.exe
C:\Program Files\ARES
C:\Program Files\ARES\Ares.exe
C:\Program Files\ARES\data\anonproxies.txt.sample
C:\Program Files\ARES\data\Blocked.txt.sample
C:\Program Files\ARES\data\Blocked_Keywords.txt.sample
C:\Program Files\ARES\data\ChanListFilter.txt
C:\Program Files\ARES\data\GUI\General\chat.bmp
C:\Program Files\ARES\data\GUI\General\emotic.bmp
C:\Program Files\ARES\data\GUI\General\libbig.bmp
C:\Program Files\ARES\data\GUI\General\logo.bmp
C:\Program Files\ARES\data\GUI\General\mimesmall.bmp
C:\Program Files\ARES\data\GUI\General\mshareset.bmp
C:\Program Files\ARES\data\GUI\General\player.bmp
C:\Program Files\ARES\data\GUI\General\playlistbtns.bmp
C:\Program Files\ARES\data\GUI\General\prefs.txt
C:\Program Files\ARES\data\GUI\General\searchpnl.bmp
C:\Program Files\ARES\data\GUI\General\searchstars.bmp
C:\Program Files\ARES\data\GUI\General\tabsbig.bmp
C:\Program Files\ARES\data\GUI\General\tabssmall.bmp
C:\Program Files\ARES\data\GUI\General\transfer.bmp
C:\Program Files\ARES\data\GUI\General\webanim.bmp
C:\Program Files\ARES\data\P2PFilter.txt
C:\Program Files\ARES\data\SNodes
C:\Program Files\ARES\lang\chinese_cn.txt
C:\Program Files\ARES\lang\chinese_tw.txt
C:\Program Files\ARES\lang\czech.txt
C:\Program Files\ARES\lang\dutch.txt
C:\Program Files\ARES\lang\finland.txt
C:\Program Files\ARES\lang\french.txt
C:\Program Files\ARES\lang\german.txt
C:\Program Files\ARES\lang\italian.txt
C:\Program Files\ARES\lang\japanese.txt
C:\Program Files\ARES\lang\kurdish.txt
C:\Program Files\ARES\lang\kyrgyz.txt
C:\Program Files\ARES\lang\polish.txt
C:\Program Files\ARES\lang\portugues.txt
C:\Program Files\ARES\lang\slovak.txt
C:\Program Files\ARES\lang\spanish.txt
C:\Program Files\ARES\lang\spanishLA.txt
C:\Program Files\ARES\lang\swedish.txt
C:\Program Files\ARES\lang\turkish.txt
C:\Program Files\ARES\tcpip_patcher.sys
C:\Program Files\ARES\TcpIpPatcherDll.dll
C:\Program Files\ARES\uninstall.exe
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\00803096
C:\Program Files\Need2Find\bar\Cache\00803401
C:\Program Files\Need2Find\bar\Cache\0080354A
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\WINDOWS.0\system32\cmdow.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-04 08:06 . 2008-06-04 08:06 <DIR> d-------- C:\Program Files\Sun
2008-06-04 08:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS.0\system32\javacpl.cpl
2008-06-04 07:54 . 2008-06-04 07:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 20:58 . 2008-06-02 20:58 <DIR> d-------- C:\Program Files\Comodo
2008-06-02 20:58 . 2008-06-02 20:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\BOC426
2008-06-02 20:58 . 2008-03-28 09:17 212,728 --a------ C:\WINDOWS.0\CMDLIC.DLL
2008-06-02 20:58 . 2008-03-28 09:16 205,560 --a------ C:\WINDOWS.0\UNBOC.EXE
2008-06-02 20:58 . 2002-12-31 13:00 22,528 --a------ C:\WINDOWS.0\system32\wsock32.dlb
2008-06-02 20:58 . 2008-06-05 23:14 7,737 --a------ C:\WINDOWS.0\BOC426.INI
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS.0\system32\drivers\mbamcatchme.sys
2008-06-02 00:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\WINDOWS.0\system32\Kaspersky Lab
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2008-06-01 17:07 . 2008-06-01 17:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-31 21:07 . 2008-05-31 21:07 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2008-05-31 20:58 . 2008-05-31 20:58 <DIR> d-------- C:\WINDOWS.0\%DownloadedProgramFiles%
2008-05-31 20:56 . 2006-07-27 13:52 367 --a------ C:\WINDOWS.0\system32\LegitCheckControl.inf
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\system32\xircom
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\mui
2008-05-31 08:37 . 2008-05-31 08:37 <DIR> d-------- C:\WINDOWS.0\msagent
2008-05-30 20:41 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS.0\system32\dllcache\sysmain.sdb
2008-05-30 20:41 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS.0\system32\dllcache\apph_sp.sdb
2008-05-30 20:41 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS.0\system32\dllcache\apphelp.sdb
2008-05-30 20:34 . 2008-05-30 20:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-29 22:36 . 2008-05-29 22:36 <DIR> d-------- C:\WINDOWS.0\system32\LogFiles
2008-05-29 22:36 . 2008-05-30 20:25 <DIR> d-------- C:\WINDOWS.0\system32\drivers\UMDF
2008-05-29 22:35 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2008-05-29 21:51 . 2008-05-29 21:51 <DIR> d-------- C:\Program Files\Channel4
2008-05-29 21:49 . 2008-05-29 21:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Channel4
2008-05-26 17:36 . 2008-05-26 17:36 <DIR> d-------- C:\WINDOWS.0\F8BA8B13856D4DFBA28F7EC868142453.TMP
2008-05-25 01:32 . 2008-05-25 01:32 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\ymjmieen
2008-05-22 22:10 . 2008-05-22 22:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ymjmieen
2008-05-22 22:07 . 2008-05-22 22:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SuperAdBlocker.com
2008-05-22 22:06 . 2008-05-22 22:14 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-05-22 22:03 . 2008-05-22 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 00:09 . 2008-05-21 00:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avg7
2008-05-21 00:02 . 2008-06-05 23:09 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-05-21 00:02 . 2008-06-01 17:09 1,409 --a------ C:\WINDOWS.0\QTFont.for
2008-05-20 23:51 . 2008-05-20 23:51 <DIR> d-------- C:\Program Files\Bonjour
2008-05-20 23:03 . 2008-05-20 23:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-20 23:00 . 2008-06-01 18:47 <DIR> d----c--- C:\WINDOWS.0\system32\DRVSTORE
2008-05-20 22:54 . 2008-05-20 22:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple
2008-05-07 20:59 . 2008-05-22 22:06 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-05-07 20:58 . 2008-05-07 20:58 20,608 --a------ C:\WINDOWS.0\system32\drivers\lfhboxfp.dat
2008-05-05 22:47 . 2008-05-05 22:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Ahead
2008-05-05 10:52 . 2008-05-05 10:56 1,992 --a------ C:\WINDOWS.0\desctemp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 22:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kontiki
2008-06-04 07:06 --------- d-----w C:\Program Files\Java
2008-06-01 16:08 --------- d-----w C:\Program Files\iTunes
2008-06-01 16:08 --------- d-----w C:\Program Files\iPod
2008-05-30 06:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-29 21:36 --------- d-----w C:\Program Files\eMule
2008-05-29 20:51 --------- d-----w C:\Program Files\Kontiki
2008-05-26 15:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-22 22:17 --------- d-----w C:\Program Files\MyEmoticons
2008-05-20 23:09 --------- d-----w C:\Program Files\Absolute Poker
2008-05-20 22:46 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-20 22:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple Computer
2008-05-20 21:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-20 21:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-20 20:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-05-05 21:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-01 08:17 --------- d-----w C:\Program Files\UltimateBet
2008-04-20 22:27 --------- d-----w C:\Program Files\Winamp
2008-04-20 22:00 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 21:57 --------- d-----w C:\Program Files\Nero
2008-04-20 21:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nero
2008-04-20 19:24 --------- d-----w C:\Program Files\Ahead
2006-03-25 23:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\dllcache\TCPIP.SYS
2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot_2008-06-02_ 1.25.03.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 00:19:39 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
+ 2008-06-05 22:09:28 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
- 2005-06-03 09:24:06 49,248 ----a-w C:\WINDOWS.0\system32\java.exe
+ 2008-03-25 00:28:39 135,168 ----a-w C:\WINDOWS.0\system32\java.exe
- 2005-06-03 09:24:14 49,250 ----a-w C:\WINDOWS.0\system32\javaw.exe
+ 2008-03-25 00:28:43 135,168 ----a-w C:\WINDOWS.0\system32\javaw.exe
- 2005-06-03 10:52:56 127,078 ----a-w C:\WINDOWS.0\system32\javaws.exe
+ 2008-03-25 01:37:01 139,264 ----a-w C:\WINDOWS.0\system32\javaws.exe
- 2008-06-02 00:16:12 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
+ 2008-06-05 22:13:34 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
- 2008-06-02 00:16:12 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-06-05 22:13:34 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-06-05 22:09:34 16,384 ----atw C:\WINDOWS.0\Temp\Perflib_Perfdata_688.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 23:10 667648]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08 351480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-07-17 12:07 33792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS.0\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS.0\system32\imc32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS.0\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS.0\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2003-03-20 22:21 1855488 C:\WINDOWS.0\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-14 18:53 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS.0\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-12-31 13:00 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2007-06-11 08:06 901120 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
--a------ 2007-08-01 09:28 1564672 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-09-30 03:18 24576 C:\Program Files\Winamp\Winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
E:\installs\workflow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Documents and Settings\\Administrator\\My Documents\\BlueSoleil.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS.0\\explorer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34320:TCP"= 34320:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"44062:TCP"= 44062:TCP:@xpsp2res.dll,-22009
"6860:TCP"= 6860:TCP:@xpsp2res.dll,-22009
"5923:TCP"= 5923:TCP:@xpsp2res.dll,-22009
"28078:TCP"= 28078:TCP:@xpsp2res.dll,-22009
"45873:TCP"= 45873:TCP:@xpsp2res.dll,-22009
"421:TCP"= 421:TCP:@xpsp2res.dll,-22009
"10415:TCP"= 10415:TCP:@xpsp2res.dll,-22009
"32539:TCP"= 32539:TCP:@xpsp2res.dll,-22009
"40013:TCP"= 40013:TCP:@xpsp2res.dll,-22009
"27804:TCP"= 27804:TCP:@xpsp2res.dll,-22009
"29052:TCP"= 29052:TCP:@xpsp2res.dll,-22009
"39424:TCP"= 39424:TCP:@xpsp2res.dll,-22009

R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R3 cmipci;CMI8738/8768 Audio Driver;C:\WINDOWS.0\system32\drivers\cmipci.sys [2007-10-02 03:10]
S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS.0\system32\UnlockerDriver4.sys [2005-04-24 13:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pneniaee

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 22:04:43 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 23:24:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 23:27:16
ComboFix-quarantined-files.txt 2008-06-05 22:27:00
ComboFix2.txt 2008-06-04 07:24:29
ComboFix3.txt 2008-06-02 00:25:29
ComboFix4.txt 2008-05-30 23:14:27

Pre-Run: 26,862,247,936 bytes free
Post-Run: 26,841,976,832 bytes free

309

#12 steamwiz

Posted 05 June 2008 - 06:54 PM

Hi,

What is this backup folder from?

C:\Documents and Settings\Administrator\Desktop\backups

-
Please run & post a new KASPERSKY ONLINE SCANNER REPORT

-
Please have a look here at ways to keep your computer safe :-

Simple steps to keep your computer secure! By Grinler > http://www.bleepingcomputer.com/forums/t/1628/simple-steps-to-keep-your-computer-secure/

& here :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279


For anti-virus I recommend AVG FREE :- http://free.grisoft.com/ww.download-avg-an...us-free-edition

& ZoneAlarm FREE firewall :- http://www.download.com/ZoneAlarm-Firewall...4-10039884.html

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#13 matt8188

Posted 06 June 2008 - 05:36 PM

Hi Steam,

The backup folder was some previous software on the computer. I have deleted it. I have completed another Kaspersky online report. Here is the log. Many thanks, Matt

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, June 06, 2008 11:31:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/06/2008
Kaspersky Anti-Virus database records: 834859
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 57949
Number of viruses found: 25
Number of infected objects: 110
Number of suspicious objects: 0
Duration of the scan process: 01:42:33

Infected Object Name / Virus Name / Last Action
C:\QooBox\Quarantine\C\!KillBox\acctreso.dll( 1).vir Infected: Rootkit.Win32.Podnuha.cb skipped
C:\QooBox\Quarantine\C\!KillBox\acctreso.dll( 2).vir Infected: Rootkit.Win32.Podnuha.cb skipped
C:\QooBox\Quarantine\C\!KillBox\acctreso.dll( 3).vir Infected: Rootkit.Win32.Podnuha.cb skipped
C:\QooBox\Quarantine\C\!KillBox\acctreso.dll.vir Infected: Rootkit.Win32.Podnuha.cb skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe.vir/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe.vir/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe.vir WiseSFX: infected - 2 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Desktop\ALL\p2p\BSINSTALL.exe.vir WiseSFXDropper: infected - 2 skipped
C:\QooBox\Quarantine\C\Documents and Settings\vic\Desktop\New Folder\Ares.exe.vir Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\QooBox\Quarantine\C\Documents and Settings\vic\Desktop\PAUL\Ares.exe.vir Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\QooBox\Quarantine\C\Program Files\ARES\Ares.exe.vir Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\QooBox\Quarantine\C\Program Files\ARES\uninstall.exe.vir Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\QooBox\Quarantine\C\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL.vir Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\QooBox\Quarantine\C\WINDOWS.0\system32\cmdow.exe.vir Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\QooBox\Quarantine\C\WINDOWS.0\system32\drivers\geiawbxn.sys.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-05-31_ 00701.15.zip/clbs.dll Infected: Trojan.Win32.Obfuscated.avw skipped
C:\QooBox\Quarantine\catchme2008-05-31_ 00701.15.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-06-04_ 81652.50.zip/clbs.dll.bak Infected: Trojan-Clicker.Win32.Delf.ach skipped
C:\QooBox\Quarantine\catchme2008-06-04_ 81652.50.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP13\A0003440.exe Infected: not-a-virus:AdTool.Win32.WhenU.d skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP13\A0003442.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP13\A0003443.exe Infected: not-a-virus:AdTool.Win32.WhenU.e skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP35\A0005751.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP35\A0005752.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP35\A0005753.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP35\A0005754.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP35\A0005755.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005782.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005783.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005784.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005785.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005786.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005787.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005788.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005789.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005790.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005791.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005792.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005793.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005794.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005795.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005796.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005797.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005798.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005799.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005800.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP36\A0005801.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005813.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005814.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005815.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005816.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005817.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005818.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005819.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005820.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP37\A0005821.cnv Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005864.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005865.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005866.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005867.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005868.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005869.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005870.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005871.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005872.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005873.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005874.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005875.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005876.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005877.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005878.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005879.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005880.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005881.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005882.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005883.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005884.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005885.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005886.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005887.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005888.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005889.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005890.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005891.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005892.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005893.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005894.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005895.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005896.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005897.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005898.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005899.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005900.tsp Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005901.TSP Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005902.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005903.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005904.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005905.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005906.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005907.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005908.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005909.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005910.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005911.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005912.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005913.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005914.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005915.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005916.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005961.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005962.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005963.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005964.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005965.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005966.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005967.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005968.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005969.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005970.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005971.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005972.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005973.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005974.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005975.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005976.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005977.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005978.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005979.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005980.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005981.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005982.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005983.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005984.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005985.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005986.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005987.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005988.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005989.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005990.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005991.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005992.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005993.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005994.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005995.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005996.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005997.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005998.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005999.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006000.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006001.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006002.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006003.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006004.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006005.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006006.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006007.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006008.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006009.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006010.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006011.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006012.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006013.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006014.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006015.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006016.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006017.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006018.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006019.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008679.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008683.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008684.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008685.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008686.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008694.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008705.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP53\A0009706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP54\A0009718.EXE Infected: not-a-virus:AdWare.Win32.Bestofer.d skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP55\A0010706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP55\A0011706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP55\A0012706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP57\A0013708.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP58\A0013723.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP59\A0013734.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013755.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013761.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013767.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013773.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013780.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013786.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0014780.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0015780.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0016783.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0016786.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP68\A0017796.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP68\A0019803.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000294.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe/data0023/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe/data0023/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe/data0023 Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP72\A0020821.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP72\A0020821.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP72\A0020822.dll Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020824.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020825.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020829.exe Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020830.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020835.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP77\A0021179.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP77\A0021180.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP1\A0000001.dll Infected: Trojan-Downloader.Win32.Agent.rzr skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004909.dll Infected: Rootkit.Win32.Podnuha.cb skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004910.exe Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004913.exe Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004914.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004916.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004916.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004916.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004916.exe WiseSFXDropper: infected - 2 skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004917.exe Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004918.exe Infected: not-a-virus:AdTool.Win32.WhenU.l skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004919.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004958.dll Infected: Trojan-Clicker.Win32.Delf.ach skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004979.dll Infected: Trojan-Clicker.Win32.Delf.ach skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004980.dll Infected: Rootkit.Win32.Podnuha.cb skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004981.dll Infected: Trojan-Clicker.Win32.Delf.ach skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004982.dll Infected: Rootkit.Win32.Podnuha.cb skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004983.dll Infected: Rootkit.Win32.Podnuha.cb skipped
C:\System Volume Information\_restore{24B0EF11-F7CC-4D8E-BB4F-30C4CCBB5278}\RP15\A0004984.dll Infected: Rootkit.Win32.Podnuha.cb skipped

Scan process completed.

Edited by matt8188, 06 June 2008 - 05:37 PM.


#14 steamwiz

Posted 06 June 2008 - 06:04 PM

Hi

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


THEN Please run & post a new KASPERSKY ONLINE SCANNER REPORT (this should be the last one)

steam

#15 matt8188

Posted 07 June 2008 - 11:44 AM

Thanks Steam,

Here's the new Kaspersky Online Report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, June 07, 2008 5:22:17 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/06/2008
Kaspersky Anti-Virus database records: 837136
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 54831
Number of viruses found: 17
Number of infected objects: 73
Number of suspicious objects: 0
Duration of the scan process: 01:31:08

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP13\A0003440.exe Infected: not-a-virus:AdTool.Win32.WhenU.d skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP13\A0003442.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP13\A0003443.exe Infected: not-a-virus:AdTool.Win32.WhenU.e skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005889.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005890.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005891.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005892.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005893.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005894.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005895.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005896.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005897.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005898.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005899.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005900.tsp Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005901.TSP Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005902.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005903.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005904.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005905.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005906.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005907.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005908.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005909.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005910.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005911.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005912.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005913.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005914.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005915.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP38\A0005916.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005961.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005962.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005963.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005964.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005965.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005966.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005967.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005968.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005969.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005970.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005971.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005972.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005973.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005974.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005975.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005976.inf Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005977.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005978.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005979.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005980.cat Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005981.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005982.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005983.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005984.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005985.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005986.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005987.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005988.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005989.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005990.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005991.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005992.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005993.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005994.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005995.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005996.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005997.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005998.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0005999.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006000.ver Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006001.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006002.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006003.exe Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006004.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006005.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006006.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006007.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006008.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006009.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006010.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006011.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006012.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006013.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006014.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006015.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006016.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006017.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006018.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP39\A0006019.dll Object is locked skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008679.exe Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008683.dll Infected: not-a-virus:AdWare.Win32.Altnet.t skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008684.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008685.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008686.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008694.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP48\A0008705.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP53\A0009706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP54\A0009718.EXE Infected: not-a-virus:AdWare.Win32.Bestofer.d skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP55\A0010706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP55\A0011706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP55\A0012706.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP57\A0013708.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP58\A0013723.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP59\A0013734.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013755.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013761.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013767.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013773.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013780.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP63\A0013786.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0014780.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0015780.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0016783.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP67\A0016786.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP68\A0017796.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP68\A0019803.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000294.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000335.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000336.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000337.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000338.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000339.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000340.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe/data0023/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe/data0023/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe/data0023 Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000341.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe/EXE-file/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe/EXE-file Infected: not-a-virus:AdWare.Win32.SaveNow.bz skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe Alloy: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP7\A0000345.exe ASPack: infected - 2 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP72\A0020821.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP72\A0020821.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP72\A0020822.dll Infected: not-a-virus:AdWare.Win32.404Search.l skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020824.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020825.EXE Infected: not-a-virus:AdWare.Win32.BetterInternet.bd skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020829.exe Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020830.exe Infected: not-a-virus:AdWare.Win32.Bestofer.b skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP73\A0020835.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP77\A0021179.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped
C:\System Volume Information\_restore{23BE2802-86DC-4256-A7CD-E40A69872BF0}\RP77\A0021180.dll Infected: not-a-virus:AdWare.Win32.RXBar.f skipped

Scan process completed.



